I?D-A129  786  8  DIAGNOSIS  ALGORITHM  FOR  THE  BGM  (BARS I  GRANDONI  AND 

NAESTRIND  SVSTEM  L.  .  (U)  JOHNS  HOPKINS  UNIV  BALTIMORE 
MD  DEPT  OF  ELECTRICAL  ENGINEER  IN.  .  G  G  MEVER  15  JUN  82 
UNCLASSIFIED  JHU/EECS-82/06  N08814-80-C-0772  F/G  1271 


1/1 

NL 


Ifltc  FILE  COPY  v  ^  AO  A  I  2-9786 


« 

;  A  DIAGNOSIS  ALGORITHM  FOR 

\  THE  BGM  SYSTEM  LEVEL  FAULT  MODEL 


G.G.L.  Meyer 


Report  JHU/EECS -83/06 


DTIC 


h  JUN  2  7  1S63 

$S.\-  ' 

A 


"it*  t  l;t 

i  Icf  prbi- :  r*!rcs*  .-r.. 
j  in  i.  .  , 


ELECTRICAL 
ENGINEERING 
&  COMPUTER 
SCIENCE 


A  DIAGNOSIS  ALGORITHM  FOR 
THE  BGM  SYSTEM  LEVEL  FAULT  MODEL 


G.GX.  Meyer 

Report  JHU/EECS -83/06  v 


Electrical  Engineering  and  Computer  Science  Department 
The  Johns  Hopkins  University 
Baltimore,  Maryland  21218 


June  1$,  1983 


.1,  ■  '  ■ 


"  r 


This  work  was  supported  by  the  Office  of  Naval  Research  under  Contract 
N00014-80-C-0772. 


ABSTRACT 


A  r-diagnosable  system  is  a  system  in  which  all  faults  may  be  identified 
from  the  test  results,  provided  that  the  number  of  faults  does  not  exceed  r.  In 
this  paper  we  present  an  algorithm  that  may  be  used  for  the  diagnosis  of  the 
system  level  BGM  fault  model  proposed  by  Barsi,  Grandoni  and  Macstrini, 
whenever  the  system  is  r-diagnosabie  and  the  number  of  faults  is  at  most  r. 


THE  BGM  SYSTEM  LEVEL  FAULT  MODEL 


Consider  a  system  S  of  n  units  tii,  u2*  ... ,  uH  and  a  test  digraph  TD, 
where  TD  —  { (ulyUj)  |  ut  tests  Uj }.  It  is  assumed  that  no  unit  tests  itself,  that 
each  unit  is  either  faulty  or  nonfaulty,  and  that  the  state  of  each  unit  is  con¬ 
stant  during  the  application  of  the  testing  procedures.  If  (u, jij)  is  in  TD,  then 
n,  tests  Uj,  and  the  test  outcome  au  is  assumed  to  be  either  "0"  (uj  passes  the 
test)  or  "1"  (uj  fails  the  test).  The  set  of  test  outcomes  {  afJ  |  €  TD  }  is 

the  syndrome  of  the  system.  In  the  BGM  model  proposed  by  Barsi,  Grandoni 
and  Maestrini  [1],  the  following  relationships  between  faults  and  test  outcomes 
are  assumed: 

(i)  if  (a,  jij)  is  in  TD  and  u,  and  Uj  are  nonfaulty,  then  au  —  O, 

(iO  if  («/ jtj )  is  in  TD,  u,  is  nonfaulty  and  Uj  is  faulty,  then  a,j  —  1; 

(iii)  if  (u,jtj)  is  in  TD  and  both  u,  and  Uj  are  faulty,  then  —  1; 

(iv)  if  (Uijtj)  is  in  TD,  u,  is  faulty  and  Uj  is  nonfaulty,  then  ay  may  take  either 
the  value  0  or  1. 

Thus,  if  a  unit  u,  is  tested  by  a  unit  Uj  and  aJt  —  0,  the  unit  u,  is  nonfaulty. 

Given  a  set  of  faulty  units  Fs,  the  computation  of  the  corresponding  syn¬ 
dromes  is  not  difficult,  but  to  compute  the  sets  of  faulty  units  that  are  con¬ 
sistent  with  a  given  syndrome  is  not  as  easy.  In  this  paper,  we  address  the 
latter  problem  -  namely,  syndrome  decoding  -  and  we  restrict  ourselves  to 
r-diagnosability  in  the  sense  of  Preparata,  Metre  and  Chien  [6]. 

Definition  1:  A  system  S  is  r-diagnosabie  if  all  faulty  units  within  the  system 
can  be  identified  without  replacement,  provided  that  the  number  of  faulty  units 
does  not  exceed  r. 

In  the  remainder  of  this  work,  II  >4  il  will  be  used  to  denote  the  number  of 


elements  in  the  set  A . 


FAULT  IDENTIFICATION  ALGORITHM 

Our  approach  to  system  diagnosis  consists  in  defining  subsets  V ,  Hi,  H2 
and  H2  that  depend  on  the  syndrome  and  two  subsets  W  and  X  that  depend 
only  an  the  test  digraph,  and  then  to  relate  those  subsets  to  the  set  Fs  of  faulty 
units  in  S. 

The  set  V  contains  all  the  units  in  S  that  are  tested  by  at  least  one  other 
unit  in  S  and  found  to  be  nonfaulty  by  that  unit,  Le., 

V  —  {  u,  €  S  |  Uj  in  S  exists  so  that  iujji,)  €  TD  and  afi  —  0  }.  Cl) 
Thus,  if  S  is  a  BGM  model,  the  unit  u,  is  nonfaulty  whenever  u,  is  in  V. 

The  set  Hi  contains  all  the  units  in  S  that  are  tested  by  at  least  one  unit  u} 
in  V  and  found  faulty,  and  all  the  units  in  S  that  test  at  least  one  unit  Uj  in  V, 
and  find  it  faulty,  Le., 

H i  —  {«/  €  S  |  Uj  in  V  exists  so  that  ( uJtUi )  €  TD  and  afi  —  1  } 

U  [u,  €  S  |  Uj  in  V  exists  so  that  €  TD  and  av  »  1 }.  (2) 

One  should  note  that  if  5  is  a  BGM  model,  them  the  sets  V  and  Hi  are 
disjoint,  and  u(  is  faulty  whenever  u,  is  in  Hi. 

The  index  set H2  depends  on  the  cardinality  of  the  sets  Liu,),  where,  for 
every  unit  u,  in  S  —  (K  U Hi),  the  sets  Liu,)  are  defined  by 

Liu,)  —  { Uj  6  S  —  iV U Hi)  j  iuj,uj)  €  TD  and  a,j  —  1  } 

U  («y  6S-CK VHJ  |  iujji,)  €  TD  and ajt  —  1  }. 

Given  u,,  it  is  possible  that  Uj  exists  so  that  iu,,Uj)  and  iu},u,)  are  both  in  TD, 
and  a,j  —  aj,  —  1.  Obviously,  in  such  a  case  Uj  appears  in  Liu,)  only  once. 


The  set  Liu, )  contains  all  the  units  adjacent  to  the  unit  u,  that  must  be  faulty  if 
the  unit  u,  is  actually  nonfaulty.  Given  a  scalar  r,  the  set  H2  consists  of  all  the 
units  in  S,  but  not  in  V  U Hlt  such  that  the  cardinality  of  L(a,)  is  strictly 
greater  than  r,  Le., 

H2-[u,  €  5  —  (K U/f i>  |  \L(u,)\  >t+1  }.  (3) 

It  is  dear  that  if  S  is  a  BGM  model  and  if  at  most  r  units  in  S  are  faulty,  then 
Uf  is  faulty  whenever  it  is  in  J/2. 

The  set  H$  contains  the  remaining  units  in  S ,  Le., 

H2  ■»  5  —  (K  UHiUffjX 

The  definition  of  the  sets  H\>  H2  and  Hi  immediately  implies  the  follow¬ 
ing  lemma. 

Lemma  1:  If  (05  is  a  BGM  model,  and  (iO  I.FS  I  <  r,  then 

H2\JH2  C  Fs  Q  HlUH1\JHi. 

The  two  subsets  W  and  AT  of  5  that  are  defined  now  depend  only  an  the 
test  digraph  TD  and  do  not  depend  on  the  syndromes  produced  by  faulty  sets 
of  units.  Note  that  the  subset  W  is  not  used  in  the  fault  identification  algo¬ 
rithm,  and  is  defined  only  to  facilitate  the  analysis  of  the  algorithm. 

The  set  W  contains  all  the  units  u,  in  S  such  that:  (i)  the  unit  u,  is  tested 
by  exactly  r  other  units,  and  (ii)  a  unit  uj  in  S  exists  such  that  Uj  is  tested  by 
exactly  r  other  units  in  5,  and  u,  and  Uj  test  each  other. 

The  set  JIT  be  the  set  of  all  units  ut  in  5  such  that:  (0  u,  is  tested  by 
exactly  r  other  units;  (ii)  a  unit  uj  exists  such  that  uj  is  tested  by  exactly  r 
units  in  S  and  u,  and  Uj  test  each  other,  and  (iii)  a  unit  uk  in  5  exists  such  that 
the  unit  uk  tests  Uj  but  not  uf ,  and  uk  is  tested  by  at  least  one  unit  that  does 
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not  testa,. 

We  axe  now  ready  to  present  our  fault  identification  algorithm. 

Algorithm  1: 

Step  0:  Compute  the  set  V  as  in  Equation  (1). 

Step  1:  If  Is  —  V I  <  t,  let  FA  —  S  —  V  and  stop;  otherwise,  go  to  Step  2. 
Step  2:  Compute  the  sets  H\  and  H 2  as  in  Equations  (2)  and  (3). 

Step  3:  If  l/f  i  UHi  I  —  r,  let  FA  —  ff  jU H2  and  stop;  otherwise,  go  to  Step  4. 
Step  4:  Let  FA  ^  H \^JH  ^C\X)  and  stop. 

ALGORITHM  ANALYSIS 

We  start  the  analysis  of  Algorithm  1  by  presenting  its  properties  when  the 
following  assumption  is  satisfied. 

Hypothesis  1:  Every  unit  in  S  is  tested  fay  at  least  r  other  units  in  S. 

We  now  show  that  when  Hypothesis  1  is  satisfied,  the  set  FA  generated  by 
Algorithm  1  contains  only  faulty  units. 

Lemma  2:  If  (i)  S  is  a  BGM  model,  (ii)  Hypothesis  1  is  satisfied,  and 
(iii)  lFg\  <  t,  then/^  C 

Pxoof:  (0  Assume  that  IHiUH2 U/f3fl  <  r.  In  that  case,  Algorithm  1  stops 
in  Step  1  and  FA  —  S  —  K  —  H 2UH Two  cases  are  possible:  either 
l/g  I  <  r  or  iFs  I  —  r. 

(La)  Assume  that  lFs  1  <  t.  Let  u,  be  a  nonfaulty  unit  By  assumption, 
every  unit  is  tested  by  at  least  r  other  units  and  the  fact  that  I/5 1  <  t  implies 
that  a,  is  tested  by  at  least  one  nonfaulty  unit,  say  Uj.  Thus,  if  a,  is  nonfaulty, 
a  unit  Uj  exists  so  that  (.Uj )  is  in  TD,a}i  —  0,  and  it  follows  that  V  contains 
the  indices  of  all  the  nonfaulty  units  in  5.  Now  let  a,  be  a  faulty  unit 
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Hypothesis  1  and  the  fact  that  lfs  I  <  r  imply  that  ut  is  tested  by  at  least  one 
unit  Uj  in  K  and  afi  —  1.  It  follows  that  H\  —  Fs,  V  and  form  a  partition 
far  5,  S  —  V  —  H\,  and  thus  FA  —  Fs. 

(Lb)  Assume  now  that  l/j  11  —  t.  In  that  case.  Lemma  1  implies  immediately 
that/*  •HlUH2UH3  -  S  -  K  -  FA. 

(u)  Assume  now  that  l#iU/f2U/f3l  >  r.  By  assumption,  i  <  r,  and 
thus,  using  Lemma  1,  we  may  conclude  that  ll/^U/Z^I  <  t.  Thus,  once 
again,  two  cases  are  possible:  either  l/fiU//2ll  ”  r  or  <  r. 

(iLa)  Assume  that  l/fiU/f2ll  “  r.  In  that  case.  Algorithm  1  stops  in  Step  3 
and  Fa  —  /f iU/f2.  Lemma  1  implies  immediately  that  ll/$  II  must  be  equal  to 
rand  that  F4  —  Fs- 

(iLb)  Assume  now  that  ll/f1U/f2l  <  r.  In  that  case.  Algorithm  1  stops  in 
Step  4  and  ^  — /fiU/f2U(/f3nJT).  Letii/  b&inH3nX  and  let  Uj  and  uk  be 
units  that  satisfy  part  (ii)  and  (iii)  in  the  definition  of  the  set  AT.  Suppose  that 
u,  and  uk  are  both  nonfaulty.  All  the  units  that  test  u,  and  those  that  test  uk 
are  then  faulty.  The  unit  uk  is  tested  by  at  least  one  unit  that  does  not  test  u, 
and  therefore,  the  assumption  that  both  u,  and  uk  are  nonfaulty  implies  that  at 
least  t  + 1  units  are  faulty.  This  is  impossible,  and  thus,  if  u,  is  nonfaulty,  uk 
must  be  faulty.  The  unit  uk  does  not  test  the  unit  ult  and  the  fact  that  u,  is  in 
H3  implies  that  u,  does  not  test  uk.  Thus,  if  u,  is  assumed  to  be  nonfaulty,  we 
must  conclude  that  at  least  t  + 1  units  are  faulty.  Once  again,  this  is  impossi¬ 
ble;  Therefore,  the  unit  ut  must  be  faulty  -  i.e.,  u,  must  be  in  Fg»  We  already 
know  from  Lemma  1  that/fj  and  H2  are  subsets  of  F$,  and  thus,  we  may  con¬ 
clude  that/yjU/fjUU^n*)  is  in  Fs,  i.e.,  that/^  is  a  subset  of  Fs. 

In  their  1976  paper,  Barsi,  Grandoni  and  Maestrini  [1]  proposed  a  condi- 


lion  on  the  test  digraph  TD  that  insures  r-fault  diagnosabillty.  Using  our  nota¬ 
tion,  we  will  now  repeat  that  assumption  and  show  that  it  may  be  used  to 
insure  that  Fs  is  found  by  Algorithm  1 

Hypothesis  2:  If  the  units  u,  and  Uj  are  in  W  and  if  u,  and  ttj  test  each  other, 
then  u,  otuj  or  both  ate  in  X. 

Lemma  3:  If  (i)  S  is  a  BGM  model,  (ii)  Hypotheses  1  and  2  are  satisfied, 

(iii)  I/s  I  <  r,  (iv)  >  r  arai  (v)  l/fjU^II  <  r,  then  H3  Q 

W,  l/^l  -  r  and^1U/f2UU/3nA’)  - /s. 

Proof:  (0  Let  uf  be  a  unit  in  Hy  Every  unit  in  S  that  tests  u{  find  u,  faulty 
(otherwise  u,  would  be  in  K).  No  unit  in  V  tests  u-,  (otherwise  u,  would  be  in 
H{).  The  unit  u,  cannot  be  tested  by  more  than  r  other  units  (otherwise  u, 
would  be  in  /f2),  and  thus.  Hypothesis  1  implies  that  u,  is  tested  by  exactly  r 
other  units.  We  may  conclude  that  every  unit  in  H 3  is  tested  by  exactly  r  other 
units  that  must  be  in/fiU/f2U/Tj. 

We  have  assumed  that  B/f  3  UH2 1  <  r,  and  therefore,  if  h,  is  in//3,  u ,  must 
be  tested  by  at  least  one  other  unit  Uj  also  in/f3.  If  u,  does  not  test  Uj,  then 
Uj  is  tested  and  found  faulty  by  a  set  of  r  units  that  does  not  include  ut,  and  Uj 
tests  and  finds  u,  faulty.  It  is  dear  that  Liuj)  >  r,  and  thus  Uj  must  be  in /f2. 
This  contradicts  the  fact  that  Uj  is  in  H3  and  therefore  we  may  conclude  that  u, 
tests  Uj.  Every  unit  m/f3  is  in  IK  and  thus  H$QW . 

(ii)  Suppose  that  8/s  0  <  r.  Part  (La)  of  the  proof  of  Lemma  2  shows  that//] 
—  Fs  and  V  and  H\  form  a  panion  for  S.  Thus,  H2  and  Hi  are  empty  and 
l/f  iU//2U/f3ll  <  r.  This  contradicts  the  fact  that  ll/fiU/f2U/f3ll  >  r,  and 
we  may  conclude  that  i/5 1  —  r. 

(iii)  Suppose  that  a  unit  u,  exists  so  that  u,  is  in  H 3  but  is  not  in  X .  The  unit 


u,  is  tested  by  exactly  r  other  units  that  must  be  in# iU/f2U/73.  It  follows 
that  Uj  is  tested  by  at  least  r  —  l//'1U#2li  units  in  #3.  Hypothesis  2  then 
implies  that  all  those  units  in  #3  (and  thus  in  W )  that  test  u{  must  be  in  X. 

We  may  then  conclude  that  (i#3nAr  fl  —  r  —  llfiUff2  II-  The  fact  that  the 
sets #i.  Hi  and #3  are  disjoint  then  implies  that  lH  \UH  2U(JJ  $r\X)§  —  r. 
We  have  proved  that  I/5  II  —  r,  from  Lemma  2,  we  know  that  II 
#1U#2U(#3nA')ll  Q  Fs,  and  it  follows  thsLtHiUH2U(Jf3nX )  -  />. 

(iv)  Suppose  that  all  units  in  #3  are  also  inX.  In  that  case,  H3DX  —  #3  and 
Lemma  1  implies  immediately  that  #iU#2U(#3  020  —  Fs. 

Using  Lemmas  2  and  3,  we  may  then  obtain  the  following  result 
Theorem  1:  If  (i)  S  is  a  BGM  model,  (ii)  Hypotheses  1  and  2  are  satisfied,  and 
I/s  I  <  r,  then  the  set  FA  generated  by  Algorithm  1  is  equal  10  Fs. 

It  is  known  that  if  a  BGM  model  is  r-diagnosabie,  then  Hypotheses  1  and 
2  are  satisfied  [1].  Hence,  we  obtain  the  main  result  of  the  paper. 

Theorem  2:  Let  S  be  a  r-diagnosable  BGM  fault  model  and  let  Fs  be  the  set  of 
faulty  units  in  S.  If  fl/5 1  <  t,  then  the  set  FA  generated  by  Algorithm  1  is 
equal  to/5. 

Reference  [5]  contains  a  comprehensive  bibliography  concerning  system 
level  fault  models  and  some  additional  results  concerning  Algorithm  l.  For 
example,  it  is  shown  that  if  S  is  a  BGM  model.  Hypothesis  1  is  satisfied  and  no 
two  units  test  each  other  [2,  Theorem  1],  then  Hypothesis  2  is  automatically 
satisfied  and  Algorithm  1  always  stop  in  either  Step  1  or  3  whenever  \FS  I  < 
r.  Note  that  Holt  has  obtained  diagnosabHity  results  and  some  diagnosis  algo¬ 
rithms  for  a  system  level  fault  model  that  is  related  to  the  BGM  model  [3],  [4]. 


REFERENCES 

[1]  Barsi,  F.,  Grandoni,  F.,  and  Maestrini,  P.,  A  Theory  of  Diagnosability  of 
Digital  Systems,  IEEE  Trans.  Computers ,  Vol.  C-25  ,  June  1976,  pp.  585-593. 

[2]  Hakim  i,  S.L.,  and  Amin,  AT.,  Characterization  of  Connection  Assign¬ 
ment  of  Diagnosabie  Systems,  IEEE  Trans.  Computers,  Vol.  C-23  ,  January 
1974,  pp.  86-88. 

[3]  Holt,  C.S.  and  Smith,  JE.,  Diagnosis  of  Systems  with  Asymmetric  In  1 
dation.  Department  of  Electrical  and  Computer  Engineering,  Technical  Re  * 
ECE-79-18,  University  of  Wisconsin,  Madison,  1979. 

[4]  Holt,  C.S.,  Diagnosis  and  Self-Diagnosis  of  Digital  Systems,  Ph.  D. 
Dissertation,  Univeisity  of  Wisconsin,  Madison,  1981. 

[5]  Meyer,  G.G.L.,  One-Step  Diagnosis  Algorithms  for  the  BGM  System 
Level  Fault  Model,  Department  of  Electrical  Engineering  and  Computer  Sci¬ 
ence,  Report  JHU/EECS-82/14,  The  Johns  Hopkins  University,  Baltimore, 
1962. 

[6]  Preparata,  F.P.,  Metze,  G.,  and  Chien,  R.T.,  On  the  Connection  Assign¬ 
ment  Problem  of  Diagnosabie  Systems,  IEEE  Trans.  Electronic  Computers,  Vol. 
EC-16  ,  December  1967,  pp. 848-8 54. 


SECURITY  CLASSIFICATION  OF  THIS  FACE  *»*•«  D«««  Entered) 


REPORT  DOCUMENTATION  PAGE 


JHU/EECS-83/06 


4.  TITLE  (and  Subtitle) 


A.  Diagnosis  Algorithm  for  the  BGM 
System  Level  Fault  Model 


7.  author**; 

Gerard  G.  L.  Meyer 


READ  INSTRUCTIONS 
BEFORE  COMPLETING  FORM 


1.  RECIPIENT'S  CATALOG  MUMSER 


S.  TYRE  OF  REPORT  4  PERIOD  COVERED 


Technical 


4.  PERFORMING  ORO.  REPORT  NUMBER 


•.  CONTRACT  OR  GRANT  NUMBER**; 


N  00014-80-C-0772 


PERFORMING  ORGANIZATION  NAME  AND  ADDRESS 

The  Johns  Hopkins  University 
Baltimore  MD  21218 


It.  CONTROLLING  OFFICE  NAME  AND  AOORESS  Ml-  REPORT  DATE 

I  June  15  1983 

Office  of  Naval  Research 
Arlington^  VA  22217 


.  MONITORING  AGENCY  NAME  •  AOORESS*!!  dlllaranl  tram  Controlling  Olllca)  I  IS.  SECURITY  CLASS,  (at  tbla  report) 


is.  number  of  pages 
10 


Unclassified 


IS*.  DECLASSIFICATION/ DOWNGRADING 
SCHEDULE 


la.  DISTRIBUTION  STATEMENT  (a!  Nil*  Xapart) 


Approved  for  public  release,  distribution  unlimited 


17.  DISTRIBUTION  STATEMENT  (at  lha  abatract  entered  In  Dlack  70.  It  dlllaranl  from  Xapart) 


It.  KEY  WORDS  fConUnu*  on  rovorio  oJrfo  It  nacmmmmry  and  Idanttty  by  bloc*  rv.'-wbor) 

Fault  analysis,  system  level;  fault  model,  diagnosis  algorithm. 


20.  ABSTRACT  (Continue  on  raaaraa  aide  II  neceaaary  mid  Idantlty  by  block  number) 

A  £-diagnosable  system  is  a  system  in  which  all  faults  may  be  identified 
from  the  test  results,  provided  that  the  number  of  faults  does  not  exceed  C 
In  this  paper  we  present  an  algorithm  that  may  be  used  for  the  diagnosis 
of  the  system  level  BGM  fault  model  proposed  by  Bars!  Grandoni  and 
Maestrini,  whenever  the  system  is  Z -diagnosable  and  the  number  of  faults 
is  at  most  Z  • 


FORM 
JAN  71 


EDITION  OF  I  NOV  *S  IS  OBSOLETE 
S/N  0102-  LF- 014-6401 


_ Unclassi fied _ 

SECURITY  CLASSIFICATION  OF  THIS  PAGE  *Wh*n  Data  Sntarad) 


